CN107534609B - Method, apparatus and storage medium for service function chaining - Google Patents
- Publication number: CN107534609B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
An example computing system includes a processor and a non-transitory medium having instructions stored thereon. The instructions, when executed, cause the processor to: receive a packet including a Media Access Control (MAC) source address and determine, based on a first field of bits of the source MAC address, a service function chain identifier corresponding to a service function chain for the packet. The instructions further cause the processor to: determine a service function index corresponding to a service function for the packet based on a second field of bits of the MAC address, determine a tunnel identifier corresponding to a tunnel for the packet based on a third field of bits of the source MAC address, and determine an action value for the packet based on a fourth field of bits of the source MAC address.
Description
Background
A computing device may transmit packets via a network. A network packet may include source and destination Media Access Control (MAC) addresses.
Drawings
Certain examples are described in the following detailed description and with reference to the accompanying drawings, in which:
FIG. 1 is a conceptual diagram of an example computing device that may execute a service function chain;
FIG. 2 is another conceptual diagram of an example computing system that may execute a service function chain;
FIG. 3 is a flow diagram of an example method for executing a service function chain;
FIG. 4 is a flow diagram of an example method for executing a service function chain;
FIG. 5 is a block diagram of an example for executing a service function chain; and
FIG. 6 is a block diagram of an example for executing a service function chain.
Detailed Description
Service Function Chaining (SFC) is an increasingly popular method of providing network services. Service function chaining links packets through multiple service functions. As an example, a service function chain may include firewall services and Intrusion Protection Services (IPS). In this example, packets that are part of the service function chain may be routed first to the firewall and then to the IPS.
One way to enable service function chaining is to use MAC (media access control) chaining. In MAC chaining, a MAC chain compatible network device (e.g., a switch, router, or network appliance) determines that a packet is part of a service function chain. The network device then modifies the source and destination MAC addresses of the packet such that the packet is transmitted to the particular service function specified by the modified destination address. After the service function executes on the packet, the switch or router modifies the destination MAC address of the packet so that the packet is transmitted to a subsequent function in the chain of service functions. A MAC chain compatible network device repeatedly modifies the MAC address of a packet until the packet has traversed each service function of the chain. The packet is then transmitted to the source network device that originated the packet.
For a campus environment (i.e., a network environment in which heterogeneous network devices exist), a layer 3 (L3) gateway may restore the destination MAC address of a packet once the packet has traversed each service of the chain. Requiring an L3 gateway is not appropriate for such campus environments. Furthermore, MAC chaining may consume a large amount of memory on the network switching/routing device.
The techniques of this disclosure enable MAC chaining while also preserving the destination MAC address. The techniques of this disclosure store SFC information in portions of the source MAC address. Further, a compatible network device implementing the techniques of this disclosure stores a tunnel ID (identifier), an SFC ID, an index of a next service function to which a packet is to be transmitted, and an action for the packet in a source MAC address of the packet.
FIG. 1 is a conceptual diagram of an example computing system that may execute a service function chain. A computing system 100 is illustrated in FIG. 1. The computing system 100 includes devices 102, which may include switches, routers, brouters, software defined network devices, networking appliances, and the like. The device 102 includes a processor 104 and a non-transitory medium containing instructions stored thereon that, when executed, cause the processor to perform certain functions.
The processor 104 may include a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like. The processor 104 may include any combination of the foregoing. The processor 104 may also include one or more virtual devices, such as virtual processors of one or more virtual machines. The medium 106 may include software, firmware, non-volatile memory, and the like. The medium 106 may also be any combination of the aforementioned types of media. Processor 104 executes the instructions stored on medium 106.
The processor 104 receives the packet 108, for example, via a network interface of the device 102. In some examples, the network interface may include one or more virtual network interfaces. Packet 108 includes a source MAC address 110. The source MAC address 110 may comprise a MAC address in accordance with an Institute of Electrical and Electronics Engineers (IEEE) 802 format. In various examples, source MAC address 110 may be a 48-bit field of packet 108.
In the example of FIG. 1, the source MAC address 110 may include an action value 112, an SFC Identifier (ID) 116, a service function index ("SF index") 118, and a tunnel identifier 114. Action value 112 may indicate an action for packet 108. As an example, the action value 112 may indicate that the packet 108 should stop being processed by the service function chain. In some examples, the action value 112 may indicate a block flow, a block device, a rate limit, or another action that should be performed on the packet 108.
The SFC ID 116 identifies the particular service function chain associated with the packet 108. The SFC includes one or more service functions that the network device(s) apply to the packet 108. As an example, the service function chain may include firewall service functions followed by anti-intrusion system service functions.
The SF index 118 corresponds to an index of a particular service function of the service function chain indicated by the value of the SFC ID 116. For example, SF index 118 may indicate a particular service to be performed or that has been performed on packet 108.
Tunnel ID 114 indicates the particular tunnel associated with packet 108, that is, the tunnel through which the packet 108 entered the SFC. In response to the packet 108 completing the associated SFC, a device (such as device 102) may use the tunnel ID 114 to determine the source network device. Device 102 may transmit packet 108 to the determined source network device. In various examples, the action value 112, tunnel ID 114, SFC ID 116, and SF index 118 may include fields of bits of the source MAC address 110. The size of the bit fields of action value 112, tunnel ID 114, SFC ID 116, and SF index 118 may be variable to accommodate different SFC configurations.
The device 102 stores the action value 112, the tunnel ID 114, the SFC ID 116, and the SF index 118 in the source MAC address 110 to perform the service function chain. By storing the aforementioned fields in the source MAC address 110, the device 102 may be able to determine the service function chain associated with the packet 108, the current service function in the service function chain, and the action (if any) to be performed on the packet 108. Once the packet 108 has traversed the service functions of the service function chain, the device 102 may also be able to determine the source network device associated with the packet 108 and transmit the packet 108 to it.
By storing SFC data in a source MAC address as described herein, the techniques of this disclosure provide compatibility with campus environments, L3 gateway traversal, and transparency with respect to legacy appliance middleboxes that do not support MAC address chaining. Furthermore, the variable number of bits that can be allocated to the various SFC-related fields in the source MAC address allows the SFC techniques of the present disclosure to scale to hundreds or thousands of service chains on a single SFF and support hundreds of service functions per chain. Further, the action field supports out-of-band signaling from service functions, such as block flow and/or device signaling.
Thus, in accordance with examples of the present disclosure, device 102 includes a medium 106 on which instructions are stored. The instructions, when executed, cause the processor 104 to: receive a packet 108 including a source MAC address 110, and determine a service function chain identifier 116 corresponding to a service function chain for the packet 108 based on a first field of bits of the source MAC address 110.
The instructions further cause the processor to: determine a service function index (e.g., service function index 118) corresponding to a service function for the packet based on a second field of bits of the source MAC address 110, determine a tunnel identifier (e.g., tunnel identifier 114) corresponding to a tunnel for the packet based on a third field of bits of the source MAC address, and determine an action value (e.g., action value 112) for the packet 108 based on a fourth field of bits of the source MAC address.
FIG. 2 is another conceptual diagram of an example computing system that may execute a service function chain. Fig. 2 illustrates a computing system 200. Computing system 200 includes device 102 and packet 108 as in fig. 1. Further, computing system 200 includes a service function controller 202, rules 204, service function chains 210, service functions 212, and source device 206.
In various examples, service function controller 202 may comprise a Software Defined Networking (SDN) controller. The service function controller 202 may define a service function chain and corresponding identifier, a service function of the service function chain, and a tunnel identifier of the service function chain. The service function controller 202 may also define possible action values within the service function chain. In various examples, service function controller 202 may support various communication protocols, such as OpenFlow. Service function controller 202 may generate rules 204. Based on the rules 204, the device 102 may determine the action value 112, the service function chain ID 116, the service function index 118, and the tunnel ID 114.
In the example of FIG. 2, the device 102 transmits the packet 108 through the SFC 210 that includes the service functions 212. As described above, an example SFC may include a firewall service function and an IPS service function. Each service function 212 may include different services that one or more network devices may perform. For example, one or more network devices may perform firewall service functions. The same or different network device or devices may perform the IPS service function.
In various examples, device 102 may transmit packet 108 to one of service functions 212 based on SF index 118. In various examples, the device 102 may modify a field of the source MAC address 110 in response to the packet 108 completing one of the service functions 212 of the SFC 210. As an example, device 102 may modify the value of SF index 118 to indicate that packet 108 is to be processed by a subsequent one of service functions 212. In some examples, device 102 may increment the value of SF index 118 in response to packet 108 completing one of service functions 212. In response to modifying the value of SF index 118, device 102 may transmit packet 108.
In response to the packet 108 traversing the service functions 212 of the SFC 210, the device 102 may receive the packet 108 and perform additional operations on the packet 108. In some examples, device 102 may transmit packet 108 to the source network device indicated by tunnel ID 114 (e.g., source device 206). Source device 206, which originates packet 108, may comprise a switch, router, or any other network device as described herein.
In various examples, device 102 may also store client ID 214 in packet 108. The client ID 214 may identify the device that originally sent the packet 218. In response to receiving the packet 108, the device 102 may store the source MAC address 110 in a lookup table, e.g., keyed by the client ID 214, so that the device 102 associates the client ID 214 with each stored MAC address. In this manner, when the packet 108 completes the traversal of the service function chain (e.g., the service functions 212 of the SFC 210), the device 102 can recover the original source MAC address based on the association between the client ID 214 stored in the packet 108 and the corresponding source MAC address.
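The bit-field packing described for FIG. 1 and the SF index increment described for FIG. 2, as an added Python example that is not part of the patent text. The field widths (4/16/14/12 bits), the field order, and the convention that action 0 means "continue" are assumptions made for illustration; reserving the two low bits of the first octet (I/G cleared, U/L set, leaving 46 usable bits) is also an assumption, chosen so the rewritten source address stays a locally administered unicast address.

```python
from dataclasses import dataclass

PAYLOAD_BITS = 46            # 48 bits minus the I/G and U/L bits of octet 0
LOW40 = (1 << 40) - 1
FIELDS = ("action", "tunnel_id", "sfc_id", "sf_index")   # MSB -> LSB (assumed order)


@dataclass(frozen=True)
class SfcMacLayout:
    """Bit widths of the four fields; sizes are configurable per deployment."""
    action: int
    tunnel_id: int
    sfc_id: int
    sf_index: int

    def __post_init__(self):
        widths = [getattr(self, name) for name in FIELDS]
        if min(widths) < 1 or sum(widths) > PAYLOAD_BITS:
            raise ValueError("field widths must be >= 1 and total <= 46 bits")

    def encode(self, **values) -> bytes:
        """Pack the four values into a 6-byte source MAC address."""
        payload = 0
        for name in FIELDS:
            width, value = getattr(self, name), values[name]
            if not 0 <= value < (1 << width):
                # Reject instead of truncating: a wrapped value would silently
                # select a different chain, tunnel or service function.
                raise ValueError(f"{name}={value} does not fit in {width} bits")
            payload = (payload << width) | value
        # Top 6 payload bits go above the two reserved bits (U/L=1, I/G=0).
        raw = ((payload >> 40) << 42) | (0b10 << 40) | (payload & LOW40)
        return raw.to_bytes(6, "big")

    def decode(self, mac: bytes) -> dict:
        """Unpack the fields, refusing addresses this scheme could not have produced."""
        if len(mac) != 6:
            raise ValueError("a MAC address is 6 bytes")
        raw = int.from_bytes(mac, "big")
        if (raw >> 40) & 0b11 != 0b10:
            raise ValueError("not a locally administered unicast address")
        payload = ((raw >> 42) << 40) | (raw & LOW40)
        fields = {}
        for name in reversed(FIELDS):
            width = getattr(self, name)
            fields[name] = payload & ((1 << width) - 1)
            payload >>= width
        if payload:
            raise ValueError("unused high bits are set")
        return fields

    def advance(self, mac: bytes, chain_length: int):
        """Increment the SF index; returns (mac, done) once the chain is complete."""
        fields = self.decode(mac)
        nxt = fields["sf_index"] + 1
        if nxt >= chain_length:
            return mac, True
        fields["sf_index"] = nxt          # encode() re-checks that it still fits
        return self.encode(**fields), False


def walk_chain(layout: SfcMacLayout, mac: bytes, chain: list):
    """Return the service functions visited, in order, and the tunnel to exit by."""
    visited, done = [], False
    while not done:
        fields = layout.decode(mac)
        if fields["action"] != 0:         # assumed convention: nonzero stops the chain
            break
        visited.append(chain[fields["sf_index"]])
        mac, done = layout.advance(mac, len(chain))
    return visited, layout.decode(mac)["tunnel_id"]


if __name__ == "__main__":
    layout = SfcMacLayout(action=4, tunnel_id=16, sfc_id=14, sf_index=12)
    mac = layout.encode(action=0, tunnel_id=0x00A7, sfc_id=3, sf_index=0)  # constructed values
    print(mac.hex(":"), walk_chain(layout, mac, ["firewall", "ips"]))
```

Because the fields ride in a header that any device on the segment can set, a forwarder using such a scheme would accept these addresses only on ports facing trusted service functions.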
FIG. 3 is a flow diagram of an example method for executing a service function chain. Fig. 3 includes a method 300. Method 300 may be described below as being performed or carried out by a system, such as computing system 100 (fig. 1) or computing system 200 (fig. 2). In various examples, method 300 may be performed by hardware, software, firmware, or any combination thereof. Other suitable systems and/or computing devices may also be used. The method 300 may be implemented in the form of executable instructions stored on a machine-readable storage medium of at least one system and executed by at least one processor of the system. In various examples, the machine-readable storage medium is non-transitory. Alternatively or additionally, the method 300 may be implemented in the form of electronic circuitry (e.g., hardware). In alternative examples of the disclosure, one or more blocks of method 300 may be performed substantially concurrently or in a different order than shown in fig. 3. In alternative examples of the disclosure, the method 300 may include more or fewer blocks than shown in fig. 3. In some examples, one or more of the blocks of method 300 may be ongoing at certain times and/or may repeat.
At block 306, the device 102 may store a value in the source MAC address indicating the service function chain of the packet (e.g., SFC ID 116), which may indicate that the packet 108 is associated with the SFC 210. At block 308, the device 102 may store an index value (e.g., SF IDX 118) in the source MAC address indicating the service function of the service function chain for the packet. In various examples, the SF IDX 118 may indicate one of the service functions 212. At block 310, the device 102 may transmit a packet, i.e., the packet 108.
FIG. 4 is a flow diagram of an example method for executing a service function chain. FIG. 4 includes a method 400. The method 400 may begin at block 402. At block 402, a computing device (device 102) may receive a packet, such as packet 108. At block 404, the device 102 may store a value indicative of a tunnel identifier of the packet, such as the tunnel ID 114, in a source MAC address of the packet (e.g., the source MAC address 110). In some examples, the tunnel identifier may indicate a source device associated with the packet, such as source device 206.
At block 406, the device 102 may store a value in the source MAC address indicating the service function chain of the packet (e.g., the SFC ID 116), which may indicate that the packet 108 is associated with the SFC 210 (illustrated in FIG. 2). At block 408, the device 102 may store an index value (e.g., SF IDX 118) in the source MAC address indicating the service function of the service function chain for the packet. The SF IDX 118 may indicate one of the service functions 212 in various examples. In some examples, storing the index value indicative of the service function may include incrementing the value indicative of the service function. In various examples, the value indicative of the service function chain and the index value indicative of the service function may be based on rules received from a Service Function Controller (SFC).
At block 410, the device 102 may store a value indicating an action for the packet (e.g., action value 112) in the source MAC address. In various examples, the value indicating the tunnel identifier may include a first field of bits of the source MAC address, the value indicating the service function chain may include a second field of bits of the source MAC address, the index value indicating the service function may include a third set of bits, and the value indicating the action for the packet may include a fourth set of bits.
At block 412, the device 102 may transmit a packet, i.e., the packet 108. In some examples, the packet 108 may traverse the service functions 212 of the SFC 210. At block 414, in response to the packet completing the service function chain, the device 102 may transmit the packet (e.g., the packet 108) to the source network device (e.g., the source device 206) indicated by the tunnel identifier.
FIG. 5 is a block diagram of an example for executing a service function chain. In the example of fig. 5, system 500 includes a processor 510 and a machine-readable storage medium 520. Although the following description refers to a single processor and a single machine-readable storage medium, the description may also apply to a system having multiple processors and multiple machine-readable storage media. In such examples, the instructions may be distributed (e.g., stored) across multiple machine-readable storage media, and the instructions may be distributed (e.g., executed) across multiple processors.
As an alternative or in addition to retrieving and executing instructions, processor 510 may include one or more electronic circuits comprising several electronic components for performing the functions of one or more of the instructions in machine-readable storage medium 520. With respect to executable instruction representations (e.g., blocks) described and illustrated herein, it is to be understood that some or all of the executable instructions and/or electronic circuitry included within a block may, in alternative examples, be included within different blocks shown in the figures or within different blocks not shown.
The machine-readable storage medium 520 may be any electronic, magnetic, optical, or other physical storage device that stores executable instructions. Thus, the machine-readable storage medium 520 may be, for example, Random Access Memory (RAM), electrically erasable programmable read-only memory (EEPROM), non-volatile memory, a storage drive, an optical disk, and so forth. The machine-readable storage medium 520 may be disposed within the system 500, as shown in FIG. 5. In various examples, the machine-readable medium 520 is non-transitory. In this case, the executable instructions may be "installed" on the system 500. Alternatively, the machine-readable storage medium 520 may be, for example, a portable, external or remote storage medium that allows the system 500 to download instructions from the portable/external/remote storage medium.
Referring to fig. 5, packet receiving instructions 522, when executed by a processor (e.g., processor 510), may cause processor 510 to receive a packet. The service function chain storage instructions 524, when executed, may cause the processor 510 to store a service function chain identifier corresponding to a service function chain of the packet in a first bit field of the source MAC address.
The service function index storage instructions 526, when executed, may cause the processor 510 to store a service function index corresponding to a service function of the service function chain in the second bit field of the source MAC address. Tunnel identifier storage instructions 528, when executed, may cause processor 510 to store a tunnel identifier in a third bit field of a source MAC address, where the tunnel identifier corresponds to a source network device associated with the packet. Action value storing instructions 530, when executed, may cause processor 510 to store an action value (e.g., action value 112) in a fourth bit field of the source MAC address, where the action value indicates an action for the packet.
FIG. 6 is a block diagram of an example for executing a service function chain. In the example of fig. 6, system 600 includes a processor 610 and a machine-readable storage medium 620. Although the following description refers to a single processor and a single machine-readable storage medium, the description may also apply to a system having multiple processors and multiple machine-readable storage media. In such examples, the instructions may be distributed (e.g., stored) across multiple machine-readable storage media and the instructions may be distributed (e.g., executed) across multiple processors.
As an alternative or in addition to retrieving and executing instructions, the processor 610 may include one or more electronic circuits comprising several electronic components for performing the functions of one or more of the instructions in the machine-readable storage medium 620. With respect to executable instruction representations (e.g., blocks) described and illustrated herein, it is to be understood that some or all of the executable instructions and/or electronic circuitry included within a block may, in alternative examples, be included within different blocks shown in the figures or within different blocks not shown.
The machine-readable storage medium 620 may be any electronic, magnetic, optical, or other physical storage device that stores executable instructions. Thus, the machine-readable storage medium 620 may be, for example, Random Access Memory (RAM), electrically erasable programmable read-only memory (EEPROM), non-volatile memory, a storage drive, an optical disk, and so forth. The machine-readable storage medium 620 may be disposed within the system 600, as shown in FIG. 6. In various examples, the machine-readable medium 620 is non-transitory. In this case, the executable instructions may be "installed" on the system 600. Alternatively, the machine-readable storage medium 620 may be, for example, a portable, external or remote storage medium that allows the system 600 to download instructions from the portable/external/remote storage medium.
Referring to FIG. 6, the packet reception instructions 622, when executed by a processor (e.g., the processor 610), may cause the processor 610 to receive a packet. The rule receiving instructions 624, when executed, may cause the processor 610 to receive a rule for determining a tunnel identifier, a service function chain, a service function, and an action for the packet (e.g., packet 108 of FIG. 1). The value determination instructions 626, when executed, may cause the processor 610 to determine an action value, a service function chain identifier, a service function index, and a tunnel identifier based on the received rule.
The service function chain storage instructions 628, when executed, may cause the processor 610 to store a service function chain identifier corresponding to a service function chain of the packet in a first bit field of the source MAC address. The service function index storage instructions 630, when executed, may cause the processor 610 to store a service function index corresponding to a service function of the service function chain in the second bit field of the source MAC address. Tunnel identifier storage instructions 632, when executed, may cause processor 610 to store a tunnel identifier in a third bit field of a source MAC address, where the tunnel identifier corresponds to a source network device associated with the packet. The action value storage instructions 634, when executed, may cause the processor 610 to store an action value (e.g., action value 112) in a fourth bit field of the source MAC address, where the action value indicates an action for the packet.
Claims (15)
1. A method for communication, comprising:
receiving a packet;
storing a value in a source Media Access Control (MAC) address of the packet indicating a tunnel identifier of the packet, wherein the tunnel identifier indicates a source device associated with the packet;
storing a value in the source MAC address indicating a service function chain of the packet;
storing an index value indicating a service function of a service function chain of the packet in the source MAC address; and
transmitting the packet.
2. The method of claim 1, further comprising:
storing a value indicating an action for the packet in the source MAC address.
3. The method of claim 2,
wherein the value indicating the tunnel identifier comprises a first field of bits of the source MAC address,
wherein the value indicating the service function chain comprises a second field of bits of the source MAC address,
wherein the index value indicating the service function includes a third bit set, and
wherein the value indicating the action for the packet comprises a fourth set of bits.
4. The method of claim 1, wherein the value indicative of the service function chain and the index value indicative of the service function are based on rules received from a Service Function Controller (SFC).
5. The method of claim 1, further comprising:
transmitting the packet to the source network device indicated by the tunnel identifier in response to the packet completing the service function chain.
6. The method of claim 1, wherein storing the index value indicative of the service function comprises incrementing a value indicative of the service function.
7. An apparatus for communication, comprising:
a processor; and
a non-transitory medium having stored thereon instructions that, when executed, cause the processor to:
receive a packet, wherein the packet includes a Media Access Control (MAC) source address;
determine a service function chain identifier corresponding to a service function chain for the packet based on a first field of bits of the source MAC address;
determine a service function index corresponding to a service function for the packet based on a second field of bits of the source MAC address;
determine, based on a third field of bits of the source MAC address, a tunnel identifier corresponding to a tunnel for the packet; and
determine, based on a fourth field of bits of the source MAC address, an action value for the packet.
8. The device of claim 7, wherein the medium comprises instructions that, when executed, cause the processor to:
transmit the packet to the corresponding service function.
9. The device of claim 8, wherein the medium comprises instructions that, when executed, cause the processor to:
receive a packet from a service function;
modify the service function index of the second field of bits to indicate a subsequent service function of the service function chain; and
transmit the packet to the subsequent service function.
10. The device of claim 7, wherein the medium comprises instructions that, when executed, cause the processor to:
receive a packet from a function of a service function chain in response to executing all functions of the service function chain; and
transmit the packet to the source address based on the tunnel identifier.
11. The apparatus of claim 7, wherein a size of the first field of bits, a size of the second field, a size of the third field, and a size of the fourth field of bits are variable.
12. The device of claim 7, wherein the medium further comprises instructions that, when executed, cause the processor to:
receive a rule from a service function controller; and
determine the service function chain, the service function index, the tunnel identifier, and the action value based on rules received from the service function controller.
13. The device of claim 7, wherein the medium further comprises instructions that, when executed, cause the processor to:
store a client identifier in the source MAC address based on an original value of the source MAC address; and
restore the original value of the source MAC address based on the client identifier in response to the packet completing the service function chain.
14. A non-transitory machine-readable storage medium encoded with instructions that, when executed, cause a processor to:
receive a packet;
store a service function chain identifier corresponding to a service function chain of the packet in a first bit field of the source MAC address;
store a service function index corresponding to a service function of the service function chain in a second bit field of the source MAC address;
store a tunnel identifier in a third bit field of the source MAC address, wherein the tunnel identifier corresponds to a source network device associated with the packet; and
store an action value in a fourth bit field of the source MAC address, wherein the action value indicates an action for the packet.
15. The non-transitory machine-readable storage medium of claim 14, wherein the processor:
receives rules for determining tunnel identifiers, service function chains, service functions and actions; and
determines an action value, a service function chain identifier, a service function index, and a tunnel identifier based on the received rule.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2016/027047 WO2017180098A1 (en) | 2016-04-12 | 2016-04-12 | Service function chaining based on mac addresses |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107534609A (en) | 2018-01-02 |
CN107534609B (en) | 2020-10-27 |
Family
ID=60042634
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201680022813.8A Active CN107534609B (en) | 2016-04-12 | 2016-04-12 | Method, apparatus and storage medium for service function chaining |
Country Status (4)
Country | Link |
---|---|
US (1) | US20190215268A1 (en) |
EP (1) | EP3286884B1 (en) |
CN (1) | CN107534609B (en) |
WO (1) | WO2017180098A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9979645B2 (en) * | 2015-01-14 | 2018-05-22 | Futurewei Technologies, Inc. | Hardware and software methodologies for creating and managing portable service function chains |
US10097402B2 (en) * | 2016-05-11 | 2018-10-09 | Hewlett Packard Enterprise Development Lp | Filter tables for management functions |
EP3850800A4 (en) * | 2018-10-08 | 2021-09-01 | Samsung Electronics Co., Ltd. | Method and system for forwarding data packets in a service function path of a network |
CN111464443B (en) * | 2020-03-10 | 2022-06-28 | 中移(杭州)信息技术有限公司 | Message forwarding method, device, equipment and storage medium based on service function chain |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014169251A1 (en) * | 2013-04-12 | 2014-10-16 | Huawei Technologies Co., Ltd. | Service chain policy for distributed gateways in virtual overlay networks |
CN105309036A (en) * | 2013-05-24 | 2016-02-03 | 高通股份有限公司 | Mac layer transport for wi-fi direct services application service platform without internet protocol |
WO2016041606A1 (en) * | 2014-09-19 | 2016-03-24 | Nokia Solutions And Networks Oy | Chaining of network service functions in a communication network |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8773999B2 (en) * | 2011-10-26 | 2014-07-08 | International Business Machines Corporation | Distributed chassis architecture having integrated service appliances |
CN103650438B (en) * | 2013-06-27 | 2016-08-10 | 华为技术有限公司 | Flow control methods and equipment |
US9363180B2 (en) * | 2013-11-04 | 2016-06-07 | Telefonaktiebolaget L M Ericsson (Publ) | Service chaining in a cloud environment using Software Defined Networking |
US9825856B2 (en) * | 2014-01-06 | 2017-11-21 | Futurewei Technologies, Inc. | Service function chaining in a packet network |
CN104954245B (en) * | 2014-03-27 | 2019-07-16 | 中兴通讯股份有限公司 | Business function chain processing method and processing device |
CN105099960B (en) * | 2014-04-30 | 2018-03-16 | 国际商业机器公司 | Method and apparatus for realizing service chaining |
US10158568B2 (en) * | 2016-02-12 | 2018-12-18 | Huawei Technologies Co., Ltd. | Method and apparatus for service function forwarding in a service domain |
-
2016
- 2016-04-12 EP EP16898794.9A patent/EP3286884B1/en active Active
- 2016-04-12 US US16/093,375 patent/US20190215268A1/en not_active Abandoned
- 2016-04-12 CN CN201680022813.8A patent/CN107534609B/en active Active
- 2016-04-12 WO PCT/US2016/027047 patent/WO2017180098A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
US20190215268A1 (en) | 2019-07-11 |
EP3286884A4 (en) | 2018-03-21 |
EP3286884B1 (en) | 2020-12-02 |
CN107534609A (en) | 2018-01-02 |
WO2017180098A1 (en) | 2017-10-19 |
EP3286884A1 (en) | 2018-02-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||